3 matches found
CVE-2024-6123 Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload
The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload...
CVE-2024-6123 Bit Form <= 2.13.3 - Authenticated (Administrator+) Arbitrary File Upload
The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload...
WordPress Bit Form – Contact Form Plugin Plugin <= 2.12.3 is vulnerable to Arbitrary File Upload
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.12.3 Fixed in 2.13.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6123 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 569eb657724e Credits István Márton Required...